ionize 1.0.8 - Cross-Site Scripting (XSS) #393
Comments
Thanks for this vulnerability feedback. I'm not convinced that this vulnerability gives "complete control over the app". If you have a real example of capability to add / modify data in the DB from this exploit, please give us an example.

Thanks for your reply. Cheers!

I'm sorry, don't take it badly, because I really thank you for the information about the exploit. But again, executing arbitrary JS code doesn't mean you're able to do what you listed in the DB, or, if you can do so without being logged in, please do it! Opening your car's fuel tank little door doesn't mean I can enter your car, start it up and start driving with it.

Excuse me, please forgive my inaccurate wording. This vulnerability could just lead to executing arbitrary JS code, but cannot attack the DB without being logged in. Still, thanks for your reply.

Wouldn't this be a vulnerability in Tiny MCE given the code path listed?

For reference: assigned CVE-2017-5961 and targeting ionize
Product: ionize
Vendor: ionize (http://www.ionizecms.com)
Vulnerable Version: 1.0.8 and probably prior
Tested Version: 1.0.8
Author: ADLab of Venustech
Advisory Details:
I have discovered a Cross-Site Scripting (XSS) in ionize, which can be exploited to add, modify or delete information in the application's database and gain complete control over the application.
The vulnerability exists due to insufficient filtration of user-supplied data in the “path” HTTP GET parameter passed to the “ionize-master/ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php” URL. An attacker could execute arbitrary HTML and script code in the browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to show a pop-up message box:
http://localhost/testcmsofgithub/ionize-master/ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php?path=%22%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%20%22
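As an added illustration (not code from ionize, TinyMCE or the reporter): the value in the URL above closes an attribute and a script element, which is the shape a payload takes when a request parameter is echoed unencoded into a `<script src="...">` attribute. The PHP below assumes that sink; the function names, the `/lib/codemirror.js` suffix and the `CodeMirror` default are hypothetical.

```php
<?php
// Added illustration; NOT the actual dialog.php from ionize or TinyMCE.
// Assumption: the "path" GET value is echoed into a <script src="..."> attribute.

// Vulnerable pattern: raw request data concatenated into an attribute value.
function script_tag_unsafe(string $path): string
{
    return '<script src="' . $path . '/lib/codemirror.js"></script>';
}

// Hardened pattern: allowlist the value, then encode for the attribute context.
function script_tag_safe(string $path, string $default = 'CodeMirror'): string
{
    // Accept only relative paths built from simple segments. Quotes, angle
    // brackets, URL schemes, "//" and ".." all fail the match, and \z (not $)
    // prevents a trailing newline from slipping through.
    $ok = preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z#', $path) === 1;
    $value = $ok ? $path : $default;

    // Encode anyway, so the output stays safe if the allowlist is ever loosened.
    $attr = htmlspecialchars(
        $value . '/lib/codemirror.js',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<script src="' . $attr . '"></script>';
}

// The "path" value from the report's URL, after URL-decoding.
$reported = '"></script><script>alert(1);</script><script "';

// Constructed inputs: one benign directory name and the reported value.
foreach (['CodeMirror', $reported] as $input) {
    echo 'input:  ', $input, "\n";
    echo 'unsafe: ', script_tag_unsafe($input), "\n";
    echo 'safe:   ', script_tag_safe($input), "\n\n";
}
```

For the reported value, the unsafe function emits a second, attacker-controlled `<script>` element, while the hardened one falls back to the default directory and emits a single tag.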